hxxps://www[.]mediafire[.]com/file_premium/bagylybf0pk8rsk/Oyun_Aktivatoru[.]zip/file

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file_premium/bagylybf0pk8rsk/Oyun_Aktivatoru.zip/file

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1944	winrar-x64-701tr.exe
4480	winrar-x64-701tr.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700074439972489"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
416	NOTEPAD.EXE
5676	NOTEPAD.EXE
336	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
5924	msedge.exe
5924	msedge.exe
3320	msedge.exe
3320	msedge.exe
4064	identity_helper.exe
4064	identity_helper.exe
4868	msedge.exe
4868	msedge.exe
5012	chrome.exe
5012	chrome.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
6028	OpenWith.exe
2500	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe
6076	taskmgr.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
6028	OpenWith.exe
6028	OpenWith.exe
6028	OpenWith.exe
6028	OpenWith.exe
6028	OpenWith.exe
6028	OpenWith.exe
6028	OpenWith.exe
1944	winrar-x64-701tr.exe
1944	winrar-x64-701tr.exe
4480	winrar-x64-701tr.exe
4480	winrar-x64-701tr.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe
2500	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 2436	3320	msedge.exe	84
PID 3320 wrote to memory of 2436	3320	msedge.exe	84
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5320	3320	msedge.exe	85
PID 3320 wrote to memory of 5924	3320	msedge.exe	86
PID 3320 wrote to memory of 5924	3320	msedge.exe	86
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87
PID 3320 wrote to memory of 1884	3320	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file_premium/bagylybf0pk8rsk/Oyun_Aktivatoru.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,11746150646069099118,14351521863201260341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1380

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3528

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Oyun_Aktivatoru.zip\!!! Arşiv şifresi - 123.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6028

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Oyun_Aktivatoru.zip\!!! Beni_Oku.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5676

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Oyun_Aktivatoru.zip\!!! Beni_Oku.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9255cc40,0x7ffa9255cc4c,0x7ffa9255cc58
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2012,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2404 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4504,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4516,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4488 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5340,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5344,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3444,i,16680767544011566621,6368877946996348586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:3016
- C:\Users\Admin\Downloads\winrar-x64-701tr.exe
  "C:\Users\Admin\Downloads\winrar-x64-701tr.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1944
- C:\Users\Admin\Downloads\winrar-x64-701tr.exe
  "C:\Users\Admin\Downloads\winrar-x64-701tr.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4480

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\a941812b2e5c4a3eaf8e2794cd4e072a /t 3232 /p 4480
1⤵
PID:4896

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:6076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
85bd3c8f79949bf9b6a42a32e8945fe4

SHA1
fcc36969069e44d5c0fa29a18ea1ed168bb2ea06

SHA256
26ec5095790f0236650c5ec47adc3e26a4a0db8d5af0c3ae8f0e21b1d5945010

SHA512
c0144b5a8d3351fa1ef99e591af421744ccb3aea6feec954472f0e62632588dba836f4c34a422194ead278c68e7426bbb50c59b70df2344445f43e6b77b688ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4b05393eabade3e9201a8175bae34122

SHA1
565aea9ea8c549448febde973a162feb3bf72b1b

SHA256
9c6b72b1ef6baf2a4438eed6fe85cddef51fe627ccc0dd73ab5cc5a585002b56

SHA512
4983be8d81cfd5c59c6befeb498735386d7868b5172bdec2f05a3309a06a01fcf0b76863ec351e7c312dc6864759fb7329673f0805060cc752cfdd038ed0be7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
49d2b1645485a1983b9d40cd8eb9bb28

SHA1
a70e5b4b4a365e35d50403a91f38c20c2d400d40

SHA256
7096fe721772684e1e93c0de309a674f8d4cceddc1a6255176c6d5d2a43896c1

SHA512
4d97669ef7e8bcf576d50bbaace07a61b7fd28a75f097e917f2bcafad0bc2d1bab04c9175ff42832408269321a5578f8b72f8a02cb975328fb5398211f6fae31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
882b02e00fce38db57be5a3ac9e4ee66

SHA1
1e987daa73438a94d40b101f5acadd7c634f193c

SHA256
416aa71838a3741319478e1d97a5908faa6bcd2962ba30c098e5ac5f373412af

SHA512
f3a75426dd6f28f060fac6876540f3f30e4310e80e56d7067a26eaf5777982eaf4c4c54f070fa9637aaf6b431a53efe5832974985e77ff64869ff80c967a3a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
24c81c53e2e461896ca452864a98a257

SHA1
9b49243da19c2bf2a128f20de88a1294301c8974

SHA256
4daf51574748e21f7774f591b686527b4f31b3f8d01767a7eff17104569f1e4f

SHA512
ef1e11aecf4d207bdba0c7e7bd2681c4b862f4c4c37dababcf10c345f4edebf95f47ffd435dd109124cba85b04fdb31c90d9c43f8c2912255ce83a75840f0dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c786f001cc19bf13d208d02584555d8

SHA1
9e23327227120080931ebf7db85f8c3ebe1d70ec

SHA256
3bb849a2db70f43200c9770b94f5509d225d422b4727af2604ac33367766ccb0

SHA512
a66275991097f95dc9d5080e73e75284aa5318077ea335ffef4ebdef905d5d2fd79c832af699b222788967b378e66ff5bc2d52160748d44e4dcadd0d10495347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb5fe15ce1b3dc64a356ef8743a1181e

SHA1
b4e1d8387cad14419a25c26ccd095104c430aa1a

SHA256
c57e678fa07dbb3133a94a2c7512c872aa6affa385bd4bf9b8bb421f6264ccce

SHA512
543542585e56115bdabfdbe840ac3e21cfb60862e927143f568f0820ba3d7af0a2a38ca0308530e6c9aaf7b75b2a42d4f64ae659676e051453e13a9fcdb5226a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee5b460e07c16f4896109850eebcf368

SHA1
f83f5c0fbea8f05f25e96b8d56fa324e46ef138e

SHA256
57de4281b024e51fa9fc6b82a560231723a53a5b05e999d1b2d77af516ef76fc

SHA512
ded8720c73f495e306da1bc1674234bce9e8bc6bf0afe0623b19099bafe8d3ec92c55c25f2dcba605d2c6409d82eef23cee50f5546d44f3d9e26def23546e401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d37bdbc451bf524d6d03aba16c179af

SHA1
94477177669d588dff221bc600d0818c9c210e59

SHA256
8b39a0687f0a08b37cab68fcd5ccea846709b2dadd5d7203d0bf411019f061c8

SHA512
7448a01548f02c97f010d8a661436754f8da7cac6a5813833a275000da3efc9d1feefdd199eb2aa9227aa7c84c1097b1ef8edb86c67c29123a573cf5c205bdb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5606a1b51c31f3f94cab6675d850af30

SHA1
0f9a13032a0719a5e691c6a77b31d32e6c425613

SHA256
4295e7717437ae9c357a43d91c24195c488f3db275b26a48c528b1f95144f37a

SHA512
c60814bc91590095d30b3f227978b1573c461e5dfec523b91dc91d68a61a721ef88c9ecd750c72c4d7b6ae5a840c94ff4d6c0f2dcd9b6efaff8efde95b6ae778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8ae09d4a842b53b7a9bef7b55a277477

SHA1
ac697bfd65bb35991c620190f3718b2e18b3fbc8

SHA256
c8b2c6c431c0f00f82ac3292a80b03d7c47e7236e9bb6107ec7f0110b4f984a6

SHA512
f49e400cd9239c7c0e11771bb27e9bfe89093e03c0a7160cb09e15de763117723e8b56b245e91854d39e7f991aaa01c2f18b0ed05e9ef55ed57213a677a253b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
687938dca2c509347e967cf57a908eab

SHA1
981b96c158e9959c92990998b6c2850bde9acf2f

SHA256
c31f5b8c7c156fc8e6af0a31f15e221def508aea3c598ab3f68450d89b79f831

SHA512
adec5f3545bcb88eca68dca0131018f0caf0bfa430b40813a7b0f0292b2e7807bad81abf9760d053db3c10330e1db9aa921964c14a503b5552fc7a10d6ccae24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
1923d4f58867a627d6c20b0b75710e84

SHA1
25816eeffbb0a4dd60a9367771f898ab1b433a71

SHA256
e511840429c6dc0f1c8248248e4561b331e995bed56776aabc4f93b3e7db961d

SHA512
d539a51e5325f3aec02f61905a43ed07ab500f64bc033c8413dba448814076815be92d8fdcd2e8402ecaa1f76dac0d37a3f1747a5ad3c96efcd9a64f2384de9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5030d7ac-4b76-4aef-916a-e0a4a3cd5e2a.tmp

Filesize
10KB

MD5
2b8e18ee6ba0730f9e23d9876f036406

SHA1
c9a7a9dc54088a907be0bdba015e1fc1349f5158

SHA256
6d36d23cc32639ca33774ab6d084b6d200cf1da57bcf9f1380de6ae8517adbf4

SHA512
5002387b29e3d4de50cfa4eca397d610178a640502197ce2cf999a9e79c5498d470cdd287632f3d42965958e196b887d722018fbf3056875c7fe2b741eb78d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
185B

MD5
b69adcfb75f2916b35c51474352bb803

SHA1
c4646f34326f902dcdd824338e0e9d9ec98c1eca

SHA256
ba460330a066edf83b12d01733f71ee2e5a1d9ff657473ce6a02c1d55635d971

SHA512
6074e327f9c72839df92f70fc623773128abbe598a6af6ac65f57fdcc94b219a5718721676e5e7c982383861ae40b6cb8a9284f0fa2b0db1c05192ab89fbd36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
648131ed901e71ef09fc3f04b5ef0fe8

SHA1
04326ad58611f5a59e8c2105b2989f25e554f1ed

SHA256
20a747c2b79924636ff34039430a93ef39bd34b472b01f4d7ce747ec44ffe0ea

SHA512
9a174e6934fc35f1587bda8e71bbb834cf7fa3047b78efe17964611b9e7c97038c32135ead4911f0a29922649cbe2bcf3fb03d156aefe38a97a8e53d10290829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13126d912fc7a29a59cbb220bff90284

SHA1
6a32fcca48d7da82e367d0d2904628e653e032d0

SHA256
35631ccde3ff917ed93dd5ef023687c545a5312baef913ea1e28a90ea54ef81b

SHA512
e74813a0fafedf30494765675662285cc66876d5cadabffd2b988ef010af8794a2814f0772c122e0f3479bdd28a2b14b014bd59eb677fdc00c2c04bd1dbc00e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d5b21d1b-aca1-492f-9ceb-ac058ad6cb61.tmp

Filesize
5KB

MD5
a96fba96bee433cf79051f616cc3727d

SHA1
08166232c236ad70cf09cbb5fdad0d91da560570

SHA256
78535a3f92da4dac8bbdec305073d6a56e57148d5441014d5fa42ce1244d160e

SHA512
b31ae7791843f57508e89273c9d144af85ee9f86f0d5ca2b961f47608aee5c0dd58c814b638a8d047c86ebfe965c4de3aaf349433b8b01a5c89fe684803ac0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f7657c25f36e2b09377a1a223bbbcd7f

SHA1
95d05c582f02fbc37e7542790011a2e89711c1ab

SHA256
82083dd4b387d461cff768264c165e83ca24493b9ae088843f3ee904d9a7ca0c

SHA512
6ffd8efb4c8054c9c46329e09cd5994841dd9250a2f509fc7a9c8f33c93f7b7a8ffb230a6168f5f63902913a59ed31eccf6b51c8b3377fa3fbe231f25f6754b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09d033e814804bdfcd5ed7bdecca727a

SHA1
4ab01a23b5847cf51e4a1e3eada21d6d932c70f5

SHA256
d3bbd68fdb2416cf66fe18c6714e7b423234560474b59276f99080f2107cb33e

SHA512
6ee8bc51a2d03a6ddf911701d96011abdb07ce17a22f6532b42df5ab4478623d7980ed05e0e6dba3ece80d07494baf4dd6065c497a5929d1f10720f11eb1566b

Download Submit
C:\Users\Admin\Downloads\Oyun_Aktivatoru.zip

Filesize
10.7MB

MD5
1388adac7d01ba3d919ec73c923b758e

SHA1
d75e3f3d6aa4a4d67565849fdac941c92f57f90e

SHA256
bd5b8d9f01df9d8352b67b2ef1144223e91bf18b0f15484044792a47626d3390

SHA512
243c0200fcbd3a348d71b413a194ff87522f0e0f7d91cd2edf61feb24f74d9f0703aed6f86aca407dfa675d835920230d1cb31ccdc099b2a0d944db3a16ddc41

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701tr.exe

Filesize
3.8MB

MD5
0cbdfaacd5fefb4acb67efb8253e5e3f

SHA1
da7175d0d2a49e3e86a85538f18799c7cf17e486

SHA256
7821f9d85301d59f8d4354fa4d8f203d53300579f1314bd2f0ef09fc18d69ae6

SHA512
a680fce2667a1033754ffb28245b5480fa7e6f98feece70b84c02d08faa621b280a991ab2c7bdd4e9fea58e8083503ac2877eeff130191da742ba20055d8a591

Download Submit
memory/6076-344-0x000001B748D00000-0x000001B748D01000-memory.dmp

Filesize
4KB

Download
memory/6076-343-0x000001B748D00000-0x000001B748D01000-memory.dmp

Filesize
4KB

Download
memory/6076-345-0x000001B748D00000-0x000001B748D01000-memory.dmp

Filesize
4KB

Download
memory/6076-355-0x000001B748D00000-0x000001B748D01000-memory.dmp

Filesize
4KB

Download
memory/6076-354-0x000001B748D00000-0x000001B748D01000-memory.dmp

Filesize
4KB

Download
memory/6076-353-0x000001B748D00000-0x000001B748D01000-memory.dmp

Filesize
4KB

Download
memory/6076-352-0x000001B748D00000-0x000001B748D01000-memory.dmp

Filesize
4KB

Download
memory/6076-351-0x000001B748D00000-0x000001B748D01000-memory.dmp

Filesize
4KB

Download
memory/6076-350-0x000001B748D00000-0x000001B748D01000-memory.dmp

Filesize
4KB

Download
memory/6076-349-0x000001B748D00000-0x000001B748D01000-memory.dmp

Filesize
4KB

Download